scan_execution_policy:
  - name: Run DAST in every pipeline
    description: This policy enforces to run DAST for every pipeline within the project
    enabled: true
    rules:
    - type: pipeline
      branches:
      - "production"
    actions:
    - scan: dast
      site_profile: Site Profile
      scanner_profile: Scanner Profile
  - name: Run DAST in every pipeline_v1
    description: This policy enforces to run DAST for every pipeline within the project
    enabled: true
    rules:
    - type: pipeline
      branches:
      - "master"
    actions:
    - scan: dast
      site_profile: Site Profile
      scanner_profile: Scanner Profile
  - name: Disabled policy
    description: This policy is disabled
    enabled: false
    rules: []
    actions: []
  - name: Disabled policy_v2
    description: This policy is disabled v2
    enabled: false
    rules: []
    actions: []
  - name: Run DAST in every pipeline_v3
    description: This policy enforces to run DAST for every pipeline within the project
    enabled: true
    rules:
    - type: pipeline
      branches:
      - "master"
    actions:
    - scan: dast
      site_profile: Site Profile
      scanner_profile: Scanner Profile
  - name: Run DAST in every pipeline_v4
    description: This policy enforces to run DAST for every pipeline within the project
    enabled: true
    rules:
    - type: pipeline
      branches:
      - "master"
    actions:
    - scan: dast
      site_profile: Site Profile
      scanner_profile: Scanner Profile
  - name: Run DAST in every pipeline_v5
    description: This policy enforces to run DAST for every pipeline within the project
    enabled: true
    rules:
    - type: pipeline
      branches:
      - "master"
    actions:
    - scan: dast
      site_profile: Site Profile
      scanner_profile: Scanner Profile
  - name: Run DAST in every pipeline_v6
    description: This policy enforces to run DAST for every pipeline within the project
    enabled: true
    rules:
    - type: pipeline
      branches:
      - "master"
    actions:
    - scan: dast
      site_profile: Site Profile
      scanner_profile: Scanner Profile
scan_result_policy:
- name: critical vulnerability CS approvals
  description: critical severity level only for container scanning
  enabled: true
  rules:
  - type: scan_finding
    branches:
    - master
    scanners:
    - container_scanning
    vulnerabilities_allowed: 0
    severity_levels:
    - critical
  - type: scan_finding
    branches:
    - master
    scanners:
    - dast
    vulnerabilities_allowed: 1
    severity_levels:
    - info
  - type: scan_finding
    branches:
    - master
    scanners:
    - container_scanning
    vulnerabilities_allowed: 10
    severity_levels:
    - info
  actions:
  - type: require_approval
    approvals_required: 1
    approvers:
    - admin
- name: Enabled DAST policy
  description: enabled police with low and medium severity levels only for DAST
  enabled: true
  rules:
  - type: scan_finding
    branches:
    - master
    scanners:
    - dast
    vulnerabilities_allowed: 1
    severity_levels:
    - medium
    - low
  actions:
  - type: require_approval
    approvals_required: 2
    approvers:
    - admin
    - developer.local
- name: Disabled DAST policy
  description: disabled police with low and medium severity levels only for DAST
  enabled: false
  rules:
  - type: scan_finding
    branches:
    - master
    scanners:
    - dast
    vulnerabilities_allowed: 1
    severity_levels:
    - medium
    - low
  actions:
  - type: require_approval
    approvals_required: 2
    approvers:
    - admin
    - developer.local
- name: Enabled SAST policy
  description: enabled police with low and medium severity levels only for SAST
  enabled: true
  rules:
  - type: scan_finding
    branches:
    - master
    scanners:
    - sast
    vulnerabilities_allowed: 1
    severity_levels:
    - medium
  actions:
  - type: require_approval
    approvals_required: 2
    approvers:
    - admin
- name: Enabled CS policy
  description: enabled police with low severity levels only for CS
  enabled: true
  rules:
  - type: scan_finding
    branches:
    - master
    scanners:
    - container_scanning
    vulnerabilities_allowed: 1
    severity_levels:
    - low
  actions:
  - type: require_approval
    approvals_required: 2
    approvers:
    - developer.local
- name: Enabled DAST and SAST policy
  description: disabled police with unknown severity levels only for DAST and SAST
  enabled: true
  rules:
  - type: scan_finding
    branches:
    - master
    scanners:
    - dast
    - sast
    vulnerabilities_allowed: 1
    severity_levels:
    - unknown
  actions:
  - type: require_approval
    approvals_required: 2
    approvers:
    - admin
    - developer.local
- name: Enabled dependency scanning policy
  description: disabled police with unknown severity levels only for dependency scanning
  enabled: true
  rules:
  - type: scan_finding
    branches:
    - master
    scanners:
    - dependency_scanning
    vulnerabilities_allowed: 1
    severity_levels:
    - unknown
  actions:
  - type: require_approval
    approvals_required: 2
    approvers:
    - admin
    - developer.local
- name: Enabled secret detection policy
  description: disabled police with unknown severity levels only for secret detection
  enabled: true
  rules:
  - type: scan_finding
    branches:
    - master
    scanners:
    - secret_detection
    vulnerabilities_allowed: 1
    severity_levels:
    - unknown
  actions:
  - type: require_approval
    approvals_required: 2
    approvers:
    - admin
    - developer.local